Share this story

Windows XP drops out of extended support on April 8, 2014. As of April 9, 2014, there will be no more security updates or other fixes made for the ancient operating system.

Joining it are Internet Explorer 6 on Windows XP, Office 2003, and Exchange Server 2003. Exchange Server 2010 Service Pack 2 will also end support on that day, but newer Service Packs will continue to be supported. Naturally, this also includes "Windows XP Mode" in Windows 7 and other virtualized solutions.

About 38 percent of Internet users are still using Windows XP. It's unlikely that all of them will switch to Windows 7, Windows 8, or some other platform entirely by this time a year from now. It's likely that some or all of them will see their computers exploited by malware as a result.

The threat of imminent insecurity—one hesitates to describe it as "imminent obsolescence," as by any reasonable measure, Windows XP met that threshold years ago—is probably insufficient to make people stop using Windows XP today. It comes down to an unwillingness to replace systems that depend on the old software, both for economic or compatibility reasons.

Some hope that Microsoft will buckle under the pressure and further extend Windows XP's supported lifetime. One has to question the value of such a move. If a company lacks any kind of migration or transition plan after eleven and a half years, it's unlikely that another few months is going to make much difference.

Microsoft is still imploring customers to switch. At this point, it might be more effective to sigh heavily, and then tell Windows XP users to at least stop exposing their machines to the Internet. They might still get exploited through USB keys and similar attack vectors, but at least they won't be able to propagate malware, participate in spam botnets, or be recruited for distributed denial of service attacks.

My office still runs Windows XP. Given that we use OpenOffice for productivity, it's highly unlikely the powers that be will suddenly shell out for a few dozen new operating system licenses. We can't do our jobs without the Internet.

My office still runs Windows XP. Given that we use OpenOffice for productivity, it's highly unlikely the powers that be will suddenly shell out for a few dozen new operating system licenses. We can't do our jobs without the Internet.

This should be fun!

Do you use any Windows-specific software for your business? If all you use is OpenOffice (because why not have a deprecated office suite to go with your deprecated OS) then certainly your office could move to some flavor of Linux + LibreOffice?

How Microsoft hopes it will happen: "I hope everyone upgrades before April 8, 2014!!!"How it will actually happen: "So XYZ big corporation just got hacked using a Windows XP exploit and Microsoft isn't fixing it, we should probably upgrade to Windows 7"

The first major corporation to get hacked because of Windows XP will probably get a pass, the next one after that will get slammed hard for using outdated software as part of their critical infrastructure. And they better hope to god that it doesn't deal with customer info or they will be screwed.

they really could try harder to price windows 7 at an attractive level.

Most corporations have site-licenses, it's not the cost of the software that's holding them back, but the man power to actually roll out upgrades and do retraining. Keep in min that most It departments haven't had to deal with this kind of transition since Windows 2000 -> XP almost 10 years ago.

I only just upgraded to Windows 7 in July of last year. I was finally able to scrape the funds together to buy all the parts for a new computer and get Windows 7. I passed on Vista because Windows suffers the Star Trek curse of a good release followed by a terrible one.

My office still runs Windows XP. Given that we use OpenOffice for productivity, it's highly unlikely the powers that be will suddenly shell out for a few dozen new operating system licenses. We can't do our jobs without the Internet.

This should be fun!

Do you use any Windows-specific software for your business? If all you use is OpenOffice (because why not have a deprecated office suite to go with your deprecated OS) then certainly your office could move to some flavor of Linux + LibreOffice?

The cost of transitioning and supporting it is more than the cost of software licenses. That's the obvious reason why they haven't moved yet. Licenses have a fixed cost, support does not, which is why the idea of "Linux is free" is not and never will be true in a corporate environment.

No, it won't. At least, not right away. I sell 4 to 10 refurb Dell boxes with XP licenses every day and some of my customers flatly refuse to buy anything else despite how carefully I try to inform them. Whether they need it for compatibility reasons or willfully disregard my advice to the contrary, a not insignificant number of XP boxes will be online for the forseeable future.

I cater to many small business owners. I truly saddens me when one comes in fresh from licensing a very expensive piece of software from someone and hands me a spec sheet that describes the hardware contained in a credible modern gaming rig because at the bottom of the page it always says "Windows XP, 32-bit"

No, it won't. At least, not right away. I sell 4 to 10 refurb Dell boxes with XP licenses every day and some of my customers flatly refuse to buy anything else despite how carefully I try to inform them. Whether they need it for compatibility reasons or willfully disregard my advice to the contrary, a not insignificant number of XP boxes will be online for the forseeable future.

I cater to many small business owners. I truly saddens me when one comes in fresh from licensing a very expensive piece of software from someone and hands me a spec sheet that describes the hardware contained in a credible modern gaming rig because at the bottom of the page it always says "Windows XP, 32-bit"

I know it sounds terrible, but I really wish they get hacked. It really is the only way to break this kind of thinking. Loosing all of your personal data or having customer data stolen is the only thing that will get people to use proper security for their system, which yes, means upgrading your OS even if the one you have is perfectly fine.

It's not the migration issue. If we go from XP to 7, then I'm perfectly happy and I doubt anybody would have that much of a training issue. What I'm worried about is that, somwhere down the line, somebody decided to purchase equipment instead of buying. I suppose it makes sense when you're talking about hundreds of machines, but they don't bother upgrading them. So, as my workplace has decided to discontinue using Office 2003 and all new installs get 2007, I've had to try to squeeze every ounce of memory out of any sort of utility I release so that the machines with 1GB RAM and an older dual-core AMD can run them. What happens when they start trying to shoe-horn Win 7 on these dilapidated work horses?

XP and IE6 I think anyone in their right mind is glad to see go. OTOH, Office 2003 doesn't really feel long in the tooth to me. The major "improvements" have been to the UI (and that has been wildly inconsistent) and some moderate feature improvements. Nothing like the difference between XP and 7 (much less 8) or IE6 and IE 10. Sad to see it go.

I'm an academic who can get Win7 free. I am running WinXP on my state government issued laptop because there's no friggin' upgrade mechanism to go from XP to 7. If I could get from XP to 7 without having to do a complete rebuild I'd do it next weekend. (I do run Win7 on my home computer, and I like it.)

C'mon, Microsoft. If you want us to upgrade, give us the tools!

Edit: Vista is dead. Buried at a crossroads at midnight with a stake of holly through its heart. There is no more reason to defend XP->Vista.

XP and IE6 I think anyone in their right mind is glad to see go. OTOH, Office 2003 doesn't really feel long in the tooth to me. The major "improvements" have been to the UI (and that has been wildly inconsistent) and some moderate feature improvements. Nothing like the difference between XP and 7 (much less 8) or IE6 and IE 10. Sad to see it go.

There are some changes, although I wouldn't call them "significant," between 2003 and 2007. Looking at Excel alone, 2007 can handle much larger spreadsheets, for one, although not many people need 2^16 rows by 2^8 columns, so the increase (2^20 x 2^14) is somewhat of a niche need. There's a handful of new functions, and a full-step upgrade to the VBA underpinning it. Also, the file sizes are much, much smaller. The ribbon, however, is a huge improvement and, now that I've adapted to using it, I hate having to drop back into the old UI to do much of anything. But, the changes do go much deeper than the UI. 2007 has more in common with 2010 than it does 2003.

Strange... 2001 doesn't seem that far back, but 2021 feels like the "future". I hope we'll finally have hoverboards and Mr. Fusion.

AFAIK MS supports most of it's products for at least 10 years, and generally more if the new version is delayed, like what happened with Vista. Since Win8 was released in Oct 2012, Win7 will end support at the normal January 2020 date.

And BTW, it is not IE6 that is ending support, it is all versions of IE on XP. Not that IE on Server 2003 matters much outside of Terminal Servers, of course. Which reminds me that all currently supported versions of Windows has SHA256 certificates support built into CryptoAPI, except Server 2003 SP2. There is a hotfix available, but the admin has to install it and most likely reboot.

Some hope that Microsoft will buckle under the pressure and further extend Windows XP's supported lifetime. One has to question the value of such a move. If a company lacks any kind of migration or transition plan after eleven and a half years, it's unlikely that another few months is going to make much difference.

But XP's market share is a lot more than 5% currently. Anyone have estimated what the market share will be in April 2014?

Can someone tell me what vulnerabilities there are in an updated XP system which:

a) is behind a NAT firewall router,b) only uses updated stable builds of Firefox and Thunderbird to interact with the internet.

I know several people that match this description. While I agree that IE6 can die in a fire, forcing OS upgrades seems a little like telling people they suddenly have to buy new cars.

I don't use windows so feel free to educate me.

The fact it's Windows doesn't matter. It's the use of an unsupported operating system that creates a risk. If there's a new XP-specific exploit discovered then your associates will be at risk.

There have been any number of bizarre exploits discovered. As an example: image rendering bugs, where the browser calls an OS-level function to display a carefully crafted broken image which runs arbitrary code. If another one of those is discovered in XP SP3 (and your associates had better be on SP3) then patching Firefox isn't going to help.

The same things can happen in any OS. Your associates need to be aware there is some risk involved. It might be classed as low risk but high impact if their machines are business critical.